Breach response Archives

SEC Proposes Additional Cybersecurity Disclosure Rule

March 21, 2022
Editorial Team
Breach Notification, Breach response, Cybersecurity, Governance, Policies and Procedures, SEC
0 Comments

On March 9, 2022, the Securities and Exchange Commission (SEC) issued a proposed rule on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. The SEC will likely vote to finalize the rule before this summer. Proposed Rule…

Why Developing Cyber Resilience Requires Emotional Intelligence

December 20, 2021
Nadja El Fertasi
Breach response, Business, C-Suite, Cybercrime, Emotional Intelligence, Incident Response, Ransomware, Supply Chains

Liability cases are rising as the top leaders of corporations are being held personally accountable for data breaches. The Bank of Ireland, for example, was recently fined a record €24.5m and publicly reprimanded by the Central Bank of Ireland for IT failures dating back to 2008. The visible cost of malicious cybercrime attacks is estimated…

Become a member to access this content.

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

December 10, 2021
Editorial Team
Breach response, Courts, Cyberattacks, Cybersecurity, Data Breach, Solar Winds

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board directors. The suit comes…

Become a member to access this content.

Lloyd v Google: A Sigh of Relief for Data Controllers

November 15, 2021
Editorial Team
Breach response, Class Actions, Courts, Data Breach, Data Controllers, Data Protection, DPA 1998, European Union, United Kingdom

In unanimously refusing to allow a representative action to proceed, the UK Supreme Court may have sounded the death knell for opt-out class actions in England for data breaches: Lloyd v Google [2021] UKSC 50. The Safari workaround Back in 2011 Apple’s Safari web browser on iPhones blocked all third-party cookies. This prevented popular websites…

Become a member to access this content.

Courts Rule on When a Data Breach of PII is Actionable

October 29, 2021
Editorial Team
Breach response, Courts, Data Breach, Penalties and Enforcement, Personal Information, Personally Identifiable Information (PII)

The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing to bring a lawsuit when there is no allegation their PII was targeted or misused. The Second Circuit’s decision To bring…

Become a member to access this content.

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

October 15, 2021
Michael Reinhardt
Breach Notification, Breach response, Compliance, Cyber Fraud, Cybersecurity, Data Mapping and Inventory, Department of Justice, Government Contracting, Risk Management

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity related fraud by government contractors and grant recipients. The False Claims Act was enacted during the Civil War to stamp out fraud…

Become a member to access this content.

Senate Introduces Ransomware Notification Mandate

October 9, 2021
Tim Crino
Breach response, Cybersecurity, Legislation, Ransomware, Senate

The US Senate has introduced a bill that would require businesses with more than 50 employees to report ransomware payments within 24 hours. (S. 2666), the “Sanction and Stop Ransomware Act of 2021,” was introduced by the Senate Homeland Security Committee and Governmental Affairs Committee and also would apply to nonprofits, state and local government…

Become a member to access this content.

Attorney-Client Privilege in the Age of Cyber Breaches

October 8, 2021
Other Source
Attorney-Client Privilege, Breach Notification, Breach response, Data Breach

Investigations and forensic reports relating to a cybersecurity breach may not always be protected by the attorney-client privilege or work product protection. Companies seeking such reports after a data breach must take caution to protect them from a possible waiver of privilege in the event of subsequent litigation relating to a data breach. The following…

Become a member to access this content.

New Ransomware Guidance Issued

September 25, 2021
Michael Reinhardt
Breach response, Cybercrime, Cybersecurity, Federal Agencies, OFAC, Penalties and Enforcement, Ransomware, US Regulatory

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new ransomware guidance, discouraging companies and citizens from paying ransoms. The Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments is the latest step taken by the Biden Administration to curb the increase in ransomware attacks. In…

Become a member to access this content.

The Impact of Data Security Incident Trends on Commercial Transactions

September 17, 2021
Editorial Team
Breach Notification, Breach prevention, Breach response, Compliance, Consumer Privacy, Cybersecurity, Data Protection, Data Security, Privacy, Ransomware, US Regulatory

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report…

Become a member to access this content.

Page 1
Page 2
Page 3
Next